Hi there!
I have a strange problem I tryied to go...
# awsg
great-waiter-70568
05/25/2022, 4:07 AMHi there!
I have a strange problem I tryied to googled but could not found solution so far.
Here my context:
I imported IAM User and Group.
As I'm at the import step the first time I run pulumi it raise error as I may don't have the correct policy to make the action, so first time it fail then I update my policy, run it again and my data are imported correctly.
So first I go with User and on first call it fail as I did not have "iam:GetUser" so I add it and then run again and no problem my users are imported. 🎉
Next I import Group and same as user it fail so I add "iam:GetGroup" and run again but here it became weird I have error message asking to update the name of my group to append a random string, then always fail.
My problem:
Each time I run "pulumi up" pulumi tell me that I have update for the group (I have a total of 4 groups)
4 times something like:
~ awsiam/groupGroup: (update) 🔒
.....
~ name: "app-e7195e2" => "app-2482515
If I say yes it fail as the app-e7195e2 group don't exist. The real name when I first import was "app" and did not change.
And each time I have a different random string after name of the group...
If somebody have an idea or suggestion to solve this case, It will be very helpful.
Thank for any help.
l
little-cartoon-10569
05/25/2022, 4:18 AMThe name change is happening because Pulumi thinks you're creating a new resource (IAM group) instead of using the one you just imported. There's a few reasons this might be happening. I think the most likely is that your initial attempt to import the group added Pulumi code for you, but didn't add it to your Pulumi state. You need to resolve this: get the state and code to match up.
little-cartoon-10569
05/25/2022, 4:18 AMYou can do this by updating your existing code to have the
importlittle-cartoon-10569
05/25/2022, 4:19 AMYou may want to look at your state to see what's in there, it might help you get a picture of what's going on. You can export the state to JSON and review it, but I think an easier option in this case would be to run
pulumi preview --show-samesg
great-waiter-70568
05/25/2022, 4:20 AMAfter posting I found one stackoverflow question and notice that I don't force the name in the group definition
So I update the call to:
aws.iam.Group("app",name="app",pts=pulumi.ResourceOptions(protect=True))l
little-cartoon-10569
05/25/2022, 4:20 AMYou'll need to check what's in code, state and AWS, and figure out which one has to change to make everything line up.
g
great-waiter-70568
05/25/2022, 4:21 AMThanks for the fast reply....
I will try your suggestion and post back here.
l
little-cartoon-10569
05/25/2022, 4:22 AMYour latest comment makes me think that the group is imported into state already. So you may want to update the state to be correct, rather than get Pulumi to change AWS, which is what it is trying to do.
little-cartoon-10569
05/25/2022, 4:22 AMTo update the state, you can export-edit-import it, or delete the resource from state and re-import it.
✅ 1
g
great-waiter-70568
05/25/2022, 4:24 AMThank again,
I will check how to update the state.
Sorry for the not clear question I'm still beginner here, I learn every day.
l
little-cartoon-10569
05/25/2022, 4:29 AMThat's fine, we've all been there, and Pulumi is built on some complex ideas. Fortunately it's mostly the same ideas over and over, so once you get used to it, you can solve most problems really quickly.
g
great-waiter-70568
05/25/2022, 4:37 AMCool, thanks for the help,
I was able to export edit and import, I no more have diff with the group name! 🎉
I found the doc about state and command example on how to import/export.
It's pretty simple, I will read again the doc to learn more about.
Thank a lot for the help. 🙇
https://www.pulumi.com/docs/intro/concepts/state/#migrating-between-backends
👍 1
4 Views